The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Ubuntu

security threat CVE-2019-15790

Apport: information disclosure via Privileged Crash Dump

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Privileged Crash Dump of Apport, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 30/10/2019.
Identifiers: CVE-2019-15790, USN-4171-1, USN-4171-2, USN-4171-3, USN-4171-4, VIGILANCE-VUL-30745.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Privileged Crash Dump of Apport, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2019-11485

Apport: denial of service via Lock File Creation

Synthesis of the vulnerability

An attacker can trigger a fatal error via Lock File Creation of Apport, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 30/10/2019.
Identifiers: CVE-2019-11485, USN-4171-1, USN-4171-2, USN-4171-3, USN-4171-4, VIGILANCE-VUL-30744.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a fatal error via Lock File Creation of Apport, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness alert CVE-2019-11483

Apport: information disclosure via Container Crash Dumps

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Container Crash Dumps of Apport, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 30/10/2019.
Identifiers: CVE-2019-11483, USN-4171-1, USN-4171-2, USN-4171-3, USN-4171-4, VIGILANCE-VUL-30743.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Container Crash Dumps of Apport, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin CVE-2019-11482

Apport: information disclosure via Core Dump Creation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Core Dump Creation of Apport, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 30/10/2019.
Identifiers: CVE-2019-11482, USN-4171-1, USN-4171-2, USN-4171-3, USN-4171-4, VIGILANCE-VUL-30742.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Core Dump Creation of Apport, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2019-16709

ImageMagick: memory leak via XCreateImage

Synthesis of the vulnerability

An attacker can create a memory leak via XCreateImage() of ImageMagick, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 16/10/2019.
Identifiers: CVE-2019-16709, openSUSE-SU-2019:2317-1, openSUSE-SU-2019:2321-1, openSUSE-SU-2019:2515-1, openSUSE-SU-2019:2519-1, SUSE-SU-2019:2785-2, SUSE-SU-2019:2896-1, USN-4192-1, VIGILANCE-VUL-30642.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create a memory leak via XCreateImage() of ImageMagick, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2019-5094

e2fsprogs: code execution via quota

Synthesis of the vulnerability

An attacker can use a vulnerability via quota of e2fsprogs, in order to run code.
Severity: 1/4.
Creation date: 30/09/2019.
Identifiers: CVE-2019-5094, DLA-1935-1, DSA-4535-1, USN-4142-1, USN-4142-2, VIGILANCE-VUL-30467.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via quota of e2fsprogs, in order to run code.
Full Vigil@nce bulletin... (Free trial)

cybersecurity weakness CVE-2018-21008

Linux kernel: use after free via rsi_mac80211_detach

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via rsi_mac80211_detach() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 1/4.
Creation date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-455, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-527, CERTFR-2019-AVI-530, CVE-2018-21008, DLA-1930-1, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, USN-4162-1, USN-4162-2, USN-4163-1, USN-4163-2, VIGILANCE-VUL-30403.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via rsi_mac80211_detach() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin CVE-2018-20976

Linux kernel: use after free via fs/xfs/xfs_super.c

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via fs/xfs/xfs_super.c of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 1/4.
Creation date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-455, CERTFR-2019-AVI-478, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CERTFR-2019-AVI-561, CERTFR-2019-AVI-575, CVE-2018-20976, DLA-1930-1, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, SSA:2019-311-01, SUSE-SU-2019:14218-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2950-1, SUSE-SU-2019:2984-1, USN-4144-1, USN-4145-1, VIGILANCE-VUL-30400.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via fs/xfs/xfs_super.c of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2019-14835

Linux kernel: buffer overflow via vhost/vhost_net

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a buffer overflow via vhost/vhost_net of the Linux kernel, in order to trigger a denial of service, and possibly to run code on the host system.
Severity: 2/4.
Creation date: 17/09/2019.
Revision date: 25/09/2019.
Identifiers: CERTFR-2019-AVI-448, CERTFR-2019-AVI-451, CERTFR-2019-AVI-455, CERTFR-2019-AVI-457, CERTFR-2019-AVI-466, CERTFR-2019-AVI-467, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-530, CERTFR-2019-AVI-561, CERTFR-2019-AVI-575, CVE-2019-14835, DLA-1930-1, DLA-1940-1, DSA-4531-1, FEDORA-2019-a570a92d5a, FEDORA-2019-e3010166bd, openSUSE-SU-2019:2173-1, openSUSE-SU-2019:2181-1, RHSA-2019:2827-01, RHSA-2019:2828-01, RHSA-2019:2829-01, RHSA-2019:2830-01, RHSA-2019:2854-01, RHSA-2019:2862-01, RHSA-2019:2863-01, RHSA-2019:2864-01, RHSA-2019:2865-01, RHSA-2019:2866-01, RHSA-2019:2867-01, RHSA-2019:2869-01, RHSA-2019:2899-01, RHSA-2019:2900-01, RHSA-2019:2901-01, SSA:2019-311-01, SUSE-SU-2019:14218-1, SUSE-SU-2019:2412-1, SUSE-SU-2019:2424-1, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2738-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2950-1, SUSE-SU-2019:2984-1, USN-4135-1, USN-4135-2, VIGILANCE-VUL-30355.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker, inside a guest system, can trigger a buffer overflow via vhost/vhost_net of the Linux kernel, in order to trigger a denial of service, and possibly to run code on the host system.
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2019-16714

Linux kernel: information disclosure via rds6_inc_info_copy

Synthesis of the vulnerability

A local attacker can read a memory fragment via rds6_inc_info_copy() of the Linux kernel, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 24/09/2019.
Identifiers: CERTFR-2019-AVI-518, CERTFR-2019-AVI-527, CVE-2019-16714, USN-4157-1, USN-4157-2, VIGILANCE-VUL-30388.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can read a memory fragment via rds6_inc_info_copy() of the Linux kernel, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Ubuntu: